ARTICLE 29 Data Protection Working Party

Transcription

1 ARTICLE 29 Data Protection Working Party 11601/EN WP 90 Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC Adopted on 27 February 2004 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 14 of Directive 97/66/EC. The secretariat is provided by Directorate E (Services, Copyright, Industrial Property and Data Protection) of the European Commission, Internal Market Directorate-General, B-1049 Brussels, Belgium, Office No C100-6/136. Website:

2 THE WORKING PARTY ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA set up by Directive 95/46/EC of the European Parliament and of the Council of 24 October 19951, having regard to Articles 29 and 30 paragraphs 1 (a) and 3 of that Directive, having regard to its Rules of Procedure and in particular to articles 12 and 14 thereof, HAS ADOPTED THE PRESENT OPINION: Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC 1. INTRODUCTION Directive 2002/58/EC on Privacy and Electronic Communications notably harmonised the conditions under which electronic communications (e.g. , SMS, fax, telephone) can be used for marketing purposes 1. While the present document focuses on these conditions, the Working Party notes that other provisions in the Directive may require attention in the future. Building on the existing opt-in rules in place in certain Member States, Article 13 of Directive 2002/58/EC has introduced a harmonised regime for electronic communications to natural persons for direct marketing purposes. There is a general understanding that, despite this harmonisation, some concepts used in Article 13 of Directive 2002/58/EC on unsolicited communications appear to be subject to differences of interpretation. In accordance with Article 15 (3) of Directive 2002/58/EC in conjunction with Article 30 of Directive 95/46/EC, the Working Party has examined these concepts more closely and adopted the present opinion in order to contribute to a uniform application of national measures under Directive 2002/58/EC. Note that communications for direct marketing purposes have been addressed in previous documents of the Working Party The Directive has to be transposed by the 31 st of October See for instance Opinion 7/2000 On the European Commission Proposal for a Directive of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector of 12 July 2000; Recommendation 2/2001 on certain minimum requirements for collecting personal data on-line in the European Union. 2

3 2. OVERVIEW OF ISSUES RAISED IN THE PRESENT OPINION The opt-in rule requires that consent be given by subscribers prior to the use of automated calling machines, faxes or electronic mails, including SMS, for the purpose of direct marketing. There is an exception for communications sent to existing customers, subject to certain conditions (see below). For (fixed and mobile) voice telephony marketing calls, other than via automated calling machines, Member States may choose between an opt-in and an opt-out system 3. In addition, the sender on whose behalf the communication is made may not disguise or conceal its identity. There must also be a valid address to which the recipient may send a request that such communications cease. 4 The Working Party had decided to provide an opinion on the following elements of this new regime: the concept of electronic mail; the concept of prior consent of subscribers; the concept of direct marketing; the exception to the opt-in rule; the regime for communications to legal persons. 3. ISSUES RAISED 3.1. The concept of electronic mail While the concepts of facsimile machines (fax) or automated calling systems without human intervention (automated calling machines) were present in Directive 97/66/EC, the predecessor of Directive 2002/58/EC, the concept of electronic mail is new and deserves specific attention. The definition of electronic mail is as follows (see Article 2 (h) of Directive 2002/58/EC): any text, voice, sound or image message sent over a public 3 Paragraph 3 of Article 13: 3. Member States shall take appropriate measures to ensure that, free of charge, unsolicited communications for purposes of direct marketing, in cases other than those referred to in paragraphs 1 and 2, are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications, the choice between these options to be determined by national legislation. 4 Paragraph 4 of Directive 2002/58/EC reads as follows: 4. In any event, the practice of sending electronic mail for purposes of direct marketing disguising or concealing the identity of the sender on whose behalf the communication is made, or without a valid address to which the recipient may send a request that such communications cease, shall be prohibited. 3

4 communications network which can be stored in the network or in the recipient's terminal equipment until it is collected by the recipient. In short, any message by electronic communications where the simultaneous participation of the sender and the recipient is not required is covered by this concept of electronic mail. This definition is broad and intended to be technology neutral. The objective was to adapt the predecessor of Directive 2002/58/EC 5 to developments in the markets and the technologies for electronic communications services in order to provide an equal level of protection of personal data and privacy for users of publicly available electronic communications services, regardless of the technologies used. (Recital 4 of Directive 2002/58/EC) As an illustration, services currently covered by the definition of electronic mail include: Simple Mail Transport Protocol or SMTP -based mail, i.e. the classic ; Short Message Service or SMS -based mail (Recital 40 of Directive 2002/58/EC indeed clarifies that electronic mail also includes SMS); Multimedia Messaging Service or MMS -based mail; messages left on answering machines 6 ; voice mail service systems including on mobile services; net send communications addressed directly to an IPaddress. Newsletters sent by also fall under the scope of this definition. Such a list cannot be considered as exhaustive and might have to be revised in view of market and technology developments Prior consent The opt-in rule is based on prior consent as indicated in Paragraph 1 of Article 13 of Directive 2002/58/EC: 1. The use of automated calling systems without human intervention (automatic calling machines), facsimile machines (fax) or electronic mail for the purposes of direct marketing may only be allowed in respect of subscribers who have given their prior consent. However, according to Article 2 (f) and Recital 17, consent of a user or subscriber, regardless of whether the latter is a natural or a legal person, should have the same meaning as the data subject's consent as defined and further specified in Directive 95/46/EC. ( ) Directive 95/46/EC defines the data subject s consent as any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data related to him being processed. (Article 2 (h) of Directive 95/46/EC) Consent in this context is not specific to communications for direct marketing purposes. Reference can be made to Recommendation 2/2001 of the Working Party on certain minimum requirements for collecting personal data on-line in the European Union Directive 97/66EC, O.J. L 24, 30 January Note that some service providers offer the translation of SMS into voice messages. If the message results from a manually assisted call and is not further stored as an electronic message, Article 13 (3) applies. Document WP 43, adopted on 17 May Reference could also be made to the first report on the implementation of the Data Protection Directive (95/46/EC (COM(2003) 265 final, p. 18). 4

5 There may be various ways by which consent may be provided in accordance with Community law. The actual method to collect that consent has not been specifically provided for in Directive 2002/58/EC. Recital 17 re-affirms this: ( ) Consent may be given by any appropriate method enabling a freely given specific and informed indication of the user's wishes, including by ticking a box when visiting an Internet website. Without prejudice to other applicable requirements on e.g. information, methods whereby a subscriber gives prior consent by registering on a website and is later asked to confirm that he was the person who registered and to confirm his consent seem to be compatible with the Directive. Other methods may also be compatible with legal requirements. In contrast, it would not be compatible with Article 13 of Directive 2002/58/EC simply to ask, by a general sent to recipients, their consent to receive marketing s, because of the requirement that the purpose be legitimate, explicit and specific. Moreover, consent given on the occasion of the general acceptance of the terms and conditions governing the possible main contract (e.g., a subscription contract, in which consent is also sought to send communications for direct marketing purposes) must respect the requirements in Directive 95/46/EC, that is, be informed, specific and freely given. Provided that these latter conditions are met, consent might be given by the data subject for instance, through the ticking of a box. Implied consent to receive such mails is not compatible with the definition of consent of Directive 95/46/EC and in particular with the requirement of consent being the indication of someone's wishes, including where this would be done unless opposition is made (opt-out). Similarly, pre-ticked boxes, e.g., on websites are not compatible with the definition of the Directive either. The purpose(s) should also be clearly indicated. This implies that the goods and services, or the categories of goods and services, for which marketing s may be sent should be clearly indicated to the subscriber. Consent to pass on the personal data to third parties should also be asked where applicable. The information provided to the data subject should then indicate the purpose(s), the goods and services (or categories of goods and services) for which those third parties would send s. The Working Party would invite industry (e.g. via industry associations such as the Federation of European Direct Marketing (FEDMA)) to incorporate into their codes of conduct, and promote, specific methods to collect consent in accordance with Community law. The Working Party would ask industry to pay attention in particular to systems likely to offer better guarantees that consent has truly and effectively been given by the subscriber. Moreover, such codes should include an obligation to effectively deal with complaints addressed to them by recipients of s. In accordance with Article 30 of Directive 95/46/EC, the Working Party also recalls that it can give an opinion on codes of conduct drawn up at European level. 5

6 Practical elements such as specific indications in headers could also be envisaged in those codes of conduct, so that code-compliant s can be identified easily by users (and possible filters) 8. Lists of addresses Lists which have not been established according to the prior consent requirement may in principle not be used anymore under the opt-in regime, at least until they have been adapted to the new requirements. Selling such incompatible lists to third parties is not legal either. Companies wishing to buy lists of addresses should be cautious that those lists are in accordance with applicable requirements, and in particular that prior consent was given in accordance with those requirements. Other conditions While there may be no specific method provided to give consent to opt-in - to receiving s, conditions laid down in Community law have to be respected. The Working Party wishes to recall that the conditions in the general 95/46/EC Directive for processing personal data must be respected. These notably include, in accordance with Article 10 of Directive 95/46/EC, the requirement to inform, at the moment of collection, at least about: - the identity of the controller or his/her representative if any, - the purposes of the collection of data. There is also a requirement to provide information to individuals on the recipients or categories of recipients of the data, whether replies to questions are obligatory or voluntary, as well as the possible consequences of failure to reply, and about the existence of the right of access to and the right to rectify the data in so far as such information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject (see Article 10 of Directive 95/46/EC). Note also that Article 13 also provides for the obligation to offer an opt-out possibility on each and every message sent. Such an opt-out should at least be possible using the same communications service (e.g., by sending an SMS to opt-out of an SMS-based marketing list) Moreover, the Working Party also recalls that harvesting, i.e., the automatic collection of personal data on public Internet places, e.g. the web, chatrooms, etc, is unlawful under the general 95/46/EC Directive. Notably, it constitutes unfair processing of personal data and does respect neither the purpose limitation principle (finality) nor the obligation of information mentioned above. This is also the case when automatic collection is performed by software. These issues have been discussed in the Working document entitled "Privacy on the Internet" - An integrated EU Approach to On-line Data Protection Reference can be made in this regard to the requirement in the e-commerce Directive that commercial communications be clearly identifiable as such (see Article 6 (a) of Directive 2000/31/EC) Document No WP 37, adopted on 21 November 2000, in particular on p 77 6

7 This is without prejudice to additional requirement stemming from any other legislation related to the marketing or selling of (specific) products or services (e.g. financial products and services, health products and services, distant selling) The concept of direct marketing There is no definition of direct marketing in either the specific or general data protection Directives. There is however a description of marketing purposes in Recital 30 of Directive 95/46/EC, which states that: "( ) whereas Member States may similarly specify the conditions under which personal data may be disclosed to a third party for the purposes of marketing whether carried out commercially or by a charitable organisation or by any other association or foundation, of a political nature for example, subject to the provisions allowing a data subject to object to the processing of data regarding him, at no cost and without having to state his reasons. The Working Party s opinion is that Article 13 of Directive 2002/58/EC consequently covers any form of sales promotion, including direct marketing by charities and political organisations (e.g. fund raising, etc.). Note that a broad definition has been used in the Federation of European Direct Marketing (FEDMA) code of practice for the use of personal data in direct marketing, which has been approved by the Working Party on 13 June Communication to legal persons Paragraph 5 of Article 13 of Directive 2002/58/EC reads as follows: 5. Paragraphs 1 and 3 shall apply to subscribers who are natural persons. Member States shall also ensure, in the framework of Community law and applicable national legislation, that the legitimate interests of subscribers other than natural persons with regard to unsolicited communications are sufficiently protected. In other words, while Member States must also ensure that the legitimate interests of legal persons are sufficiently protected, they remain free to determine the appropriate safeguards to do so. In 2002, a number of Member States - five out of eight - with an opt-in regime for e- mails had chosen to apply the same regime to legal persons as well 11. While the distinction between natural and legal persons seems relatively straightforward, it may not always be easy to make in practice. An easy situation would be where electronic contact details have been disclosed by a potential addressee e.g. on a website or otherwise. It may then be fairly easy to ask for 10 See Working Party Opinion 3/2003 on the European Code of conduct of FEDMA for the use of personal data in direct marketing, available at: The FEDMA Code is available at the following URL address: This Code defines direct marketing as The communication by whatever means (including but not limited to mail, fax, telephone, on-line services etc ) of any advertising or marketing material, which is carried out by the Direct Marketer itself or on its behalf and which is directed to particular individuals th Implementation Report of the European Commission, December

8 the nature of the person e.g. by a simple question, or for the capacity in which the person left those details. Still, this is an important element since it is for the sender to make sure that the rules are respected. In particular in those Member States that would distinguish between communications to legal and to natural persons, the Working Party is of the opinion that practical rules should be developed. While it may become necessary to devote further attention to this specific issue on the basis of Member States implementation of Article 13, the Working Party wishes to raise the following issues at this point in time: - Such practical rules should take account of cross-border effects. One question raised in this regard is what rule to apply to s originating in a Member State not affording safeguards for legal persons received in a Member State offering the same level of protection for legal and natural persons. - One question remains how the sender can determine whether a recipient is a natural or a legal person. In other words, what efforts will a sender be required to make to verify whether the number /address really belongs to a legal person? Great caution would be needed as long as the sender would not be sure that the address belongs to a legal person ( Often, natural persons use addresses with pseudonyms or generic terms without being deprived of the protection provided by the Directive. - Another issue is related to persons who are not directly subscribers to electronic communications services. This can be the cas for the members of a single family or for employees working for a given company. In cases where a family member or a company would provide other family members or their employees with addresses containing their name (e.g., those persons would in principle not be subscribers 12. Some EU Member States have decided to apply the optin regime to such addresses. Member States are invited to pay attention to the fact that personal data are included in such addresses and must be protected as such. In the Working Party s opinion, such protection implies that sending marketing electronic mail, related or unrelated to business purposes, to a personal address 12 The concept of subscriber is defined in the Directive 2002/21/EC on a common regulatory framework for electronic communications networks and services (Framework Directive). This is the notion to be used except as otherwise provided, in accordance with Article 2 of Directive 2002/58/EC. The concept of subscriber is defined in the Framework Directive as any natural person or legal entity who or which is party to a contract with the provider of publicly available electronic communications services for the supply of such services (see Article 2 (k) of Directive 2002/21/EC). Recital 12 of Directive 2002/58/EC clarifies this concept, by stating that: (12) Subscribers to a publicly available electronic communications service may be natural or legal persons. By supplementing Directive 95/46/EC, this Directive is aimed at protecting the fundamental rights of natural persons and particularly their right to privacy, as well as the legitimate interests of legal persons. This Directive does not entail an obligation for Member States to extend the application of Directive 95/46/EC to the protection of the legitimate interests of legal persons, which is ensured within the framework of the applicable Community and national legislation. 8

9 should be considered as marketing to natural persons. In any case, the provisions of Directive 95/46/EC have to be taken into account The exception for similar products and services Paragraph 2 of Article 13 provides for a harmonised exception to the opt-in rule which applies for existing customers, subject to certain conditions. 2. Notwithstanding paragraph 1, where a natural or legal person obtains from its customers their electronic contact details for electronic mail, in the context of the sale of a product or a service, in accordance with Directive 95/46/EC, the same natural or legal person may use these electronic contact details for direct marketing of its own similar products or services provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details when they are collected and on the occasion of each message in case the customer has not initially refused such use. Recital 41 provides useful elements to help understand Article 13 (2): (41) Within the context of an existing customer relationship, it is reasonable to allow the use of electronic contact details for the offering of similar products or services, but only by the same company that has obtained the electronic contact details in accordance with Directive 95/46/EC. When electronic contact details are obtained, the customer should be informed about their further use for direct marketing in a clear and distinct manner, and be given the opportunity to refuse such usage. This opportunity should continue to be offered with each subsequent direct marketing message, free of charge, except for any costs for the transmission of this refusal. While the description leaves some room for interpretation, the Working Party would emphasise that this exception is limited in several ways and must be interpreted restrictively Firstly, this exception is limited to customers in accordance with the first sentence of Article 13(2). In addition, s may only be sent to customers from whom electronic contact details for electronic mail have been obtained, in the context of the sale of a product or a service, and in accordance with Directive 95/46/EC. This latter requirement for instance includes information about the purposes of the collection (see above). The purpose principle (compatible use, fair processing) should help in this regard. In that context, attention should also be paid to the period of time during which consent might reasonably be considered as valid, and hence s can be sent. Secondly, only the same natural or legal person that collected the data may send marketing s. For instance, subsidiaries or mother companies are not the same company. Thirdly, this is limited to the marketing of similar products and services. The opinion of the Working Party is that, while this concept of similar products and services is not an easy concept to apply in practice and justify further attention, similarity could be judged in particular from the objective perspective (reasonable expectations) of the recipient, rather than from the perspective of the sender. The Working Party recalls that there is an obligation, including under the exception, to continue to offer an opt-out in each marketing message. 9

10 Done at Brussels, on 27 February 2004 For the Working Party The Chairman Stefano RODOTA 10

Document 1.1.2-1 DATA PROTECTION IN DIRECT MARKETING analysis of the legislation in direct marketing Component 1 Activity 1.1.2 Final version The content of this report is the sole responsibility of Human

EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 12 July 2002 (OR. en) 2000/0189 (COD) LEX 365 PE-CONS 3636/02 ECO 217 CODEC 778 DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL

ARTICLE 29 Data Protection Working Party 00451/06/EN WP 118 Working Party 29 Opinion 2/2006 on privacy issues related to the provision of email screening services Adopted on 21 February 2006 This Working

January/February 2006 slaughter and may marketing: part 2 Getting the right consent on data capture Rob Sumroy, Partner In the fi rst article in this series Introduction to data protection and direct marketing:

ARTICLE 29 DATA PROTECTION WORKING PARTY 00879/12/EN WP 194 Opinion 04/2012 on Cookie Consent Exemption Adopted on 7 June 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is

ARTICLE 29 DATA PROTECTION WORKING PARTY 1676/13/EN WP 208 Working Document 02/2013 providing guidance on obtaining consent for cookies Adopted on 2 October 2013 This Working Party was set up under Article

1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that

Legal notice All effort has been made to ensure the accuracy of this translation, which is based on the original Slovenian text. All translations of this kind may, nevertheless, be subject to a certain

Opinion of the European Data Protection Supervisor on the Commission Proposal for a Regulation of the European Parliament and of the Council on a European network of Employment Services, workers' access

Unsolicited Electronic Messages Act 2007 Prohibiting Spam and promoting good business practice This guide provides practical information so businesses can ensure they meet the requirements of the Unsolicited

Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic

EDRi amendments on the proposed Regulation laying down measures concerning the European single market for electronic communications and to achieve a Connected Continent, and amending Directives 2002/20/EC,

Comments to the new EU regulation on insolvency proceedings Insolvency of members of a group of companies Alberto Díaz Moreno Professor of Corporate & Commercial Law, Universidad de Sevilla Academic Counsel,

EXPLANATORY MEMORANDUM FEDERATION OF EUROPEAN DIRECT MARKETING EUROPEAN CODE OF PRACTICE FOR THE USE OF PERSONAL DATA IN DIRECT MARKETING FEDMA represents the direct marketing sector at the European level.

Guidance letter to all political parties regarding European and Local Elections Polling day 24th May 2014 Restrictions on Electronic Direct Marketing / Canvassing I am taking the opportunity to write to

4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN

Proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data

Exercising Your Right of Consent to and Opt-out from Direct Marketing Activities under the Personal Data (Privacy) Ordinance 1 It is common for members of the public to receive unsolicited telephone calls,

Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

EXPLANATORY MEMORANDUM FEDERATION OF EUROPEAN DIRECT MARKETING EUROPEAN CODE OF PRACTICE FOR THE USE OF PERSONAL DATA IN DIRECT MARKETING FEDMA represents the direct marketing sector at the European level.

DATRET/EXPGRP (2009) 3 - FINAL EXPERTS GROUP "THE PLATFORM FOR ELECTRONIC DATA RETENTION FOR THE INVESTIGATION, DETECTION AND PROSECUTION OF SERIOUS CRIME" ESTABLISHED BY COMMISSION DECISION 2008/324/EC

May 2006 slaughter and may marketing: part 4 Third party use of customer lists Rob Sumroy, Partner In the fi rst article in this series we considered the legislative and regulatory framework that direct

1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

Australian emarketing Code of Practice March 2005 1 Explanatory Statement This is the Explanatory Statement for the Australian emarketing Code of Practice (the Code). This explanatory statement explains

29.3.2014 Official Journal of the European Union L 96/149 DIRECTIVE 2014/32/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 26 February 2014 on the harmonisation of the laws of the Member States relating

EUROPEAN COMMISSION Brussels, 26.6.2013 COM(2013) 449 final 2013/0213 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic invoicing in public procurement (Text with

COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 29.04.1999 COM(1999) 195 fmal 98/0191(COD) Amended proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE on a common framework for electronic signatures

The 45 and Up Study Policy on Email Contact with Participants 1. Purpose 1.1 The purpose of this policy is to outline requirements of the 45 and Up Study for Mass Emails sent to Participants. 2. Principles

"This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which

19.2.2013 Official Journal of the European Union C 47/1 III (Preparatory acts) EUROPEAN CENTRAL BANK OPINION OF THE EUROPEAN CENTRAL BANK of 24 May 2012 on a draft Commission delegated regulation supplementing

EUROPEAN COMMISSION Brussels, 9.12.2015 COM(2015) 627 final 2015/0284 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ensuring the cross-border portability of online content

Comparison of the Parliament and Council text on the General Data Protection Regulation General comments The Council text and the Parliament text are both based on the Commission's proposal and as such

Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

COUNCIL OF EUROPE COMMITTEE OF MINISTERS RECOMMENDATION No. R (90) 19 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES ON THE PROTECTION OF PERSONAL DATA USED FOR PAYMENT AND OTHER RELATED OPERATIONS' (Adopted

Position of the Nordic Consumer Ombudsmen on social media marketing of 3 May 2012 Contents Introduction 1. General information 2. Marketing messages must be identifiable as marketing 3. Unsolicited electronic

Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

PRB 09-24E ANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON Alysia Davies Legal and Legislative Affairs Division 18 January 2010 PARLIAMENTARY INFORMATION AND RESEARCH SERVICE SERVICE D INFORMATION ET

EUROPEAN COMMISSION Strasbourg, 19.5.2015 COM(2015) 216 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL Proposal for an Interinstitutional Agreement on Better Regulation

Spam Act 2003: A practical guide for business This guide provides practical information to businesses that send electronic messages. It explains the main requirements of the Spam Act 2003 (the Spam Act),

BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules June 2016 Contents Background and general aspects... 3 Article 1 Subject matter and scope... 4 Article 2 Definitions...

Admission Criteria Pertaining to the participation of bulk mailers in the Certified Senders Alliance (CSA) 2014-03-19 Page 1 of 9 Version 1.09 1 Preamble This document describes the criteria for adding

ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive

Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

COUNCIL OF THE EUROPEAN UNION Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COVER NOTE from: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of

A division of the Network Advertising Initiative ESPC Best Practices Guide I. Introduction Email is an excellent channel for mailers to establish and maintain valuable relationships with their subscribers.

Resource Sheet Surveying with CustomerGauge - Legal Considerations: Adam Dorrell Please Note this is not a legal document, and should be used for guidance only. You are advised to seek legal advice before

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

Appendix A Data Protection and Marketing Regulatory Considerations for the European Union Notes: Soft opt-in rules, denoted with a * within the consent for marketing columns below, generally allow marketing